From 1abb4fbda683718a34c76cc8bf474c128500a1a2 Mon Sep 17 00:00:00 2001 From: Doke Scott Date: Mon, 24 Aug 2015 14:31:31 -0400 Subject: [PATCH 1/8] Revert "more mingw32 can't find glob.h" This reverts commit c14f21a483ae4bc26ca5e391df9e5dbcb721a382. --- src/config/syscheck-config.c | 7 ------- src/headers/shared.h | 4 +--- 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/src/config/syscheck-config.c b/src/config/syscheck-config.c index 4d492dd7c..e2304824a 100644 --- a/src/config/syscheck-config.c +++ b/src/config/syscheck-config.c @@ -367,10 +367,6 @@ static int read_attr(syscheck_config *syscheck, const char *dirs, char **g_attrs } /* Check for glob */ - /* The mingw32 builder used by travis.ci can't find glob.h - * Yet glob must work on actual win32. - */ -#ifndef __MINGW32__ if (strchr(tmp_dir, '*') || strchr(tmp_dir, '?') || strchr(tmp_dir, '[')) { @@ -400,9 +396,6 @@ static int read_attr(syscheck_config *syscheck, const char *dirs, char **g_attrs else { dump_syscheck_entry(syscheck, tmp_dir, opts, 0, restrictfile); } -#else - dump_syscheck_entry(syscheck, tmp_dir, opts, 0, restrictfile); -#endif if (restrictfile) { free(restrictfile); diff --git a/src/headers/shared.h b/src/headers/shared.h index 498ae68b1..0e012d9fd 100644 --- a/src/headers/shared.h +++ b/src/headers/shared.h @@ -61,9 +61,7 @@ #include #include -/* The mingw32 builder used by travis.ci can't find glob.h - * Yet glob must work on actual win32. - */ +/* the mingw32 builder used by travis.ci can't find glob.h */ #ifndef __MINGW32__ #include #endif From fd81cb3b960d380d61f2187e674899c3cf1dc9d8 Mon Sep 17 00:00:00 2001 From: Doke Scott Date: Mon, 24 Aug 2015 14:31:48 -0400 Subject: [PATCH 2/8] Revert "mingw32 compiler used by travis ci can't find glob.h" This reverts commit d0c1a4b742aaa11005e84f3fb6181caad85cf00c. --- .travis.yml | 2 ++ src/headers/shared.h | 4 ---- 2 files changed, 2 insertions(+), 4 deletions(-) 
diff --git a/.travis.yml b/.travis.yml index 81c9a55ef..168841301 100644 --- a/.travis.yml +++ b/.travis.yml @@ -48,6 +48,8 @@ before_script: ); fi - if [[ "${OSSEC_TYPE}" == "winagent" ]]; then ( sudo apt-get install aptitude && sudo aptitude -y install mingw-w64 nsis ); fi - if [[ "${OSSEC_TYPE}" == "test" ]]; then ( sudo add-apt-repository -y "deb http://archive.ubuntu.com/ubuntu/ vivid main " && sudo apt-get update && sudo apt-get install check valgrind ); fi +- sudo apt-get install -y libc6-dev +- ls -laF /usr/include/glob.h script: diff --git a/src/headers/shared.h b/src/headers/shared.h index 0e012d9fd..e725e67e0 100644 --- a/src/headers/shared.h +++ b/src/headers/shared.h @@ -60,11 +60,7 @@ #include #include #include - -/* the mingw32 builder used by travis.ci can't find glob.h */ -#ifndef __MINGW32__ #include -#endif #ifndef WIN32 #include From 92d9960790d639173aeec3d0d8dd2ad68e64c2bd Mon Sep 17 00:00:00 2001 From: Doke Scott Date: Mon, 24 Aug 2015 14:31:58 -0400 Subject: [PATCH 3/8] Revert "tring to figure out glob.h errors" This reverts commit 90393020b5a62c6e1cbf92a7afb1b6024f6761a5. --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 168841301..d639f429d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -49,7 +49,6 @@ before_script: - if [[ "${OSSEC_TYPE}" == "winagent" ]]; then ( sudo apt-get install aptitude && sudo aptitude -y install mingw-w64 nsis ); fi - if [[ "${OSSEC_TYPE}" == "test" ]]; then ( sudo add-apt-repository -y "deb http://archive.ubuntu.com/ubuntu/ vivid main " && sudo apt-get update && sudo apt-get install check valgrind ); fi - sudo apt-get install -y libc6-dev -- ls -laF /usr/include/glob.h script: From 0df0d9a90ce719b4b6e4658c90c7a940fa232e24 Mon Sep 17 00:00:00 2001 
From: Doke Scott Date: Mon, 24 Aug 2015 14:32:07 -0400 Subject: [PATCH 4/8] Revert "preload libc6-dev package so travis ci can find glob.h" This reverts commit ad8514be18ed0baae5d0bb4cd1eb7703d74ffd0e. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index d639f429d..6f6f2058e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -48,7 +48,7 @@ before_script: ); fi - if [[ "${OSSEC_TYPE}" == "winagent" ]]; then ( sudo apt-get install aptitude && sudo aptitude -y install mingw-w64 nsis ); fi - if [[ "${OSSEC_TYPE}" == "test" ]]; then ( sudo add-apt-repository -y "deb http://archive.ubuntu.com/ubuntu/ vivid main " && sudo apt-get update && sudo apt-get install check valgrind ); fi -- sudo apt-get install -y libc6-dev + script: From 9a6934db91ce5c940f95ac57167001d82a3f2d92 Mon Sep 17 00:00:00 2001 From: Doke Scott Date: Mon, 24 Aug 2015 14:32:22 -0400 Subject: [PATCH 5/8] Revert "include glob.h on unix" This reverts commit b7e9ebe0acd7bf3b50d8884021d3408d5c04488f. --- src/headers/shared.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/headers/shared.h b/src/headers/shared.h index e725e67e0..0a53ce562 100644 --- a/src/headers/shared.h +++ b/src/headers/shared.h @@ -60,9 +60,9 @@ #include #include #include -#include #ifndef WIN32 +#include #include #include #include From 1465244f9bf5a37b890762fd21f08ddbd8f18fd2 Mon Sep 17 00:00:00 2001 From: Doke Scott Date: Mon, 24 Aug 2015 14:32:49 -0400 Subject: [PATCH 6/8] Revert "Let unix use glob patterns in syscheck directory entries. As a side effect" This reverts commit e8ed521c7e598bce53cbd9ac2b607da18cefde3a. --- src/config/syscheck-config.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/config/syscheck-config.c b/src/config/syscheck-config.c index e2304824a..a289e5b3f 100644 --- a/src/config/syscheck-config.c +++ b/src/config/syscheck-config.c 
@@ -367,6 +367,7 @@ static int read_attr(syscheck_config *syscheck, const char *dirs, char **g_attrs } /* Check for glob */ +#ifndef WIN32 if (strchr(tmp_dir, '*') || strchr(tmp_dir, '?') || strchr(tmp_dir, '[')) { @@ -396,6 +397,9 @@ static int read_attr(syscheck_config *syscheck, const char *dirs, char **g_attrs else { dump_syscheck_entry(syscheck, tmp_dir, opts, 0, restrictfile); } +#else + dump_syscheck_entry(syscheck, tmp_dir, opts, 0, restrictfile); +#endif if (restrictfile) { free(restrictfile); From ec81e5549eaf4c27bfe43899f16eacbddfd4dfd1 Mon Sep 17 00:00:00 2001 From: Doke Scott Date: Mon, 24 Aug 2015 15:25:39 -0400 Subject: [PATCH 7/8] Add directories option to keep scan on same device, ie mountpoint. Similar to -mount flag to unix find(1) command. --- src/config/syscheck-config.c | 11 +++++++ src/config/syscheck-config.h | 1 + src/syscheckd/create_db.c | 63 +++++++++++++++++++++++++++++------- 3 files changed, 63 insertions(+), 12 deletions(-) diff --git a/src/config/syscheck-config.c b/src/config/syscheck-config.c index a289e5b3f..44f93c38f 100644 --- a/src/config/syscheck-config.c +++ b/src/config/syscheck-config.c @@ -167,6 +167,7 @@ static int read_attr(syscheck_config *syscheck, const char *dirs, char **g_attrs const char *xml_real_time = "realtime"; const char *xml_report_changes = "report_changes"; const char *xml_restrict = "restrict"; + const char *xml_same_dev = "same_dev"; char *restrictfile = NULL; char **dir; @@ -337,6 +338,16 @@ static int read_attr(syscheck_config *syscheck, const char *dirs, char **g_attrs restrictfile = NULL; } os_strdup(*values, restrictfile); + } else if (strcmp(*attrs, xml_same_dev) == 0) { + if (strcmp(*values, "yes") == 0) { + opts |= CHECK_SAME_DEV; + } else if (strcmp(*values, "no") == 0) { + opts &= ~ CHECK_SAME_DEV; + } else { + merror(SK_INV_OPT, __local_name, *values, *attrs); + ret = 0; + goto out_free; + } } else { merror(SK_INV_ATTR, __local_name, *attrs); ret = 0; 
diff --git a/src/config/syscheck-config.h b/src/config/syscheck-config.h index feb005e80..a3c5a043e 100644 --- a/src/config/syscheck-config.h +++ b/src/config/syscheck-config.h @@ -23,6 +23,7 @@ #define CHECK_SHA1SUM 0000040 #define CHECK_REALTIME 0000100 #define CHECK_SEECHANGES 0000200 +#define CHECK_SAME_DEV 0000400 #include diff --git a/src/syscheckd/create_db.c b/src/syscheckd/create_db.c index 096e553f9..3e83848e2 100644 --- a/src/syscheckd/create_db.c +++ b/src/syscheckd/create_db.c @@ -14,15 +14,18 @@ #include "os_crypto/md5_sha1/md5_sha1_op.h" /* Prototypes */ -static int read_file(const char *dir_name, int opts, OSMatch *restriction) __attribute__((nonnull(1))); -static int read_dir(const char *dir_name, int opts, OSMatch *restriction) __attribute__((nonnull(1))); +static int read_file(const char *dir_name, int opts, OSMatch *restriction, + dev_t topdev) __attribute__((nonnull(1))); +static int read_dir(const char *dir_name, int opts, OSMatch *restriction, + dev_t topdev) __attribute__((nonnull(1))); /* Global variables */ static int __counter = 0; /* Read and generate the integrity data of a file */ -static int read_file(const char *file_name, int opts, OSMatch *restriction) +static int read_file(const char *file_name, int opts, OSMatch *restriction, + dev_t topdev) { char *buf; char sha1s = '+'; @@ -72,6 +75,14 @@ static int read_file(const char *file_name, int opts, OSMatch *restriction) } } + // same filesystem? + if ((opts & CHECK_SAME_DEV) && statbuf.st_dev != topdev) { + debug2("%s: read_file ignoring cross-device '%s'", + ARGV0, file_name); + return(0); + } + + if (S_ISDIR(statbuf.st_mode)) { #ifdef DEBUG verbose("%s: Reading dir: %s\n", ARGV0, file_name); @@ -84,7 +95,7 @@ static int read_file(const char *file_name, int opts, OSMatch *restriction) return (-1); } #endif - return (read_dir(file_name, opts, restriction)); + return (read_dir(file_name, opts, restriction, topdev)); } /* Restrict file types */ 
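Review bot: The cross-device skip added to read_file (`if ((opts & CHECK_SAME_DEV) && statbuf.st_dev != topdev)`) is reported only through `debug2`, so with `same_dev="yes"` everything mounted below a monitored directory drops out of integrity checking without a trace at normal log levels. For a file-integrity monitor that is a coverage gap the operator should be able to see; consider one `verbose` line when the skipped entry is a directory (i.e. a mount point), and state the behaviour where the option is documented. The added comment uses `//` and is followed by two blank lines, while the visible comments in this file are `/* ... */`; `/* Stay on the starting filesystem when same_dev is set */` would match. read_file starts and ends outside this hunk, so this assumes `statbuf` was filled by the stat/lstat call just above the added lines.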
@@ -249,7 +260,8 @@ static int read_file(const char *file_name, int opts, OSMatch *restriction) return (0); } -static int read_dir(const char *dir_name, int opts, OSMatch *restriction) +static int read_dir(const char *dir_name, int opts, OSMatch *restriction, + dev_t topdev) { size_t dir_size; char f_name[PATH_MAX + 2]; @@ -282,7 +294,7 @@ static int read_dir(const char *dir_name, int opts, OSMatch *restriction) dp = opendir(dir_name); if (!dp) { if (errno == ENOTDIR) { - if (read_file(dir_name, opts, restriction) == 0) { + if (read_file(dir_name, opts, restriction, topdev) == 0) { return (0); } } @@ -347,7 +359,7 @@ static int read_dir(const char *dir_name, int opts, OSMatch *restriction) strncpy(s_name, entry->d_name, PATH_MAX - dir_size - 2); /* Check integrity of the file */ - read_file(f_name, opts, restriction); + read_file(f_name, opts, restriction, topdev); } closedir(dp); @@ -357,10 +369,24 @@ static int read_dir(const char *dir_name, int opts, OSMatch *restriction) int run_dbcheck() { int i = 0; + struct stat statbuf; __counter = 0; while (syscheck.dir[i] != NULL) { - read_dir(syscheck.dir[i], syscheck.opts[i], syscheck.filerestrict[i]); + debug2( "%s: read starting dir: '%s'", ARGV0, syscheck.dir[i]); + + /* Win32 does not have lstat */ + #ifdef WIN32 + if(stat(syscheck.dir[i], &statbuf) < 0) + #else + if(lstat(syscheck.dir[i], &statbuf) < 0) + #endif + { + merror("%s: Error accessing '%s'.",ARGV0, syscheck.dir[i]); + } else { + read_dir(syscheck.dir[i], syscheck.opts[i], syscheck.filerestrict[i], + statbuf.st_dev); + } i++; } 
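Review bot: In run_dbcheck the new `lstat()` runs for every configured directory, not only those with CHECK_SAME_DEV set, and a failure now skips `read_dir()` and calls `merror`; before this change read_dir was always called and handled an unreadable path itself (that code is outside the hunk), so a configured path that does not exist would now apparently log an error on each scan even when same_dev is unused. Because `lstat` does not follow symlinks, a `syscheck.dir[i]` that is a symlink to a directory on another filesystem yields the link's device as `topdev`, and with same_dev set every entry below it then fails the `st_dev != topdev` test and is left unmonitored, unless read_dir already rejects symlinked roots in code not shown here. Taking the device with `stat()`, only when the option is set, and adding `strerror(errno)` to the message would address both. The same block is repeated in the create_db hunk (`@@ -393,11 +419,24 @@`), so a small static helper shared by the two callers keeps them in step.

```c
/* Device of a configured top-level directory; looked up only when same_dev is set */
static int top_device(const char *dir, int opts, dev_t *topdev)
{
    struct stat statbuf;

    *topdev = 0;
    if (!(opts & CHECK_SAME_DEV)) {
        return (0);
    }

    /* stat(), not lstat(): opendir() follows a symlinked root */
    if (stat(dir, &statbuf) < 0) {
        merror("%s: Error accessing '%s': %s", ARGV0, dir, strerror(errno));
        return (-1);
    }

    *topdev = statbuf.st_dev;
    return (0);
}

/* ... unchanged: run_dbcheck prologue, __counter reset ... */
    while (syscheck.dir[i] != NULL) {
        dev_t topdev;

        debug2("%s: read starting dir: '%s'", ARGV0, syscheck.dir[i]);
        if (top_device(syscheck.dir[i], syscheck.opts[i], &topdev) == 0) {
            read_dir(syscheck.dir[i], syscheck.opts[i], syscheck.filerestrict[i],
                     topdev);
        }
        i++;
    }
```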
@@ -393,11 +419,24 @@ int create_db() /* Read all available directories */ __counter = 0; do { - if (read_dir(syscheck.dir[i], syscheck.opts[i], syscheck.filerestrict[i]) == 0) { + struct stat statbuf; + + debug2( "%s: read starting dir: '%s'", ARGV0, syscheck.dir[i] ); + + /* Win32 does not have lstat */ + #ifdef WIN32 + if(stat(syscheck.dir[i], &statbuf) < 0) + #else + if(lstat(syscheck.dir[i], &statbuf) < 0) + #endif + { + merror("%s: Error accessing '%s'.",ARGV0, syscheck.dir[i]); + } else if(read_dir(syscheck.dir[i], syscheck.opts[i], + syscheck.filerestrict[i], statbuf.st_dev) == 0) { #ifdef WIN32 - if (syscheck.opts[i] & CHECK_REALTIME) { - realtime_adddir(syscheck.dir[i]); - } + if (syscheck.opts[i] & CHECK_REALTIME) { + realtime_adddir(syscheck.dir[i]); + } #endif } i++; From dbf8d11aec3f8d158d0573841b50b1ca5c11fd15 Mon Sep 17 00:00:00 2001 From: Doke Scott Date: Wed, 5 Apr 2017 17:24:55 -0400 Subject: [PATCH 8/8] merge cleanup --- .travis.yml | 1 - src/config/syscheck-config.c | 7 +++++-- src/headers/shared.h | 5 +++++ 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index b2086cbcc..6fa127eb0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -50,7 +50,6 @@ before_script: - if [[ "${OSSEC_TYPE}" == "test" ]]; then ( sudo add-apt-repository -y "deb http://archive.ubuntu.com/ubuntu/ vivid main " && sudo apt-get update && sudo apt-get install check valgrind ); fi - script: - COMMAND="V=1 TARGET=${OSSEC_TYPE}" && if ! [[ "${DB}" = "none" ]]; then COMMAND="${COMMAND} DATABASE=${DB}"; fi diff --git a/src/config/syscheck-config.c b/src/config/syscheck-config.c index 0abd74568..5cb884b0a 100644 --- a/src/config/syscheck-config.c +++ b/src/config/syscheck-config.c 
@@ -389,7 +389,10 @@ static int read_attr(syscheck_config *syscheck, const char *dirs, char **g_attrs } /* Check for glob */ -#ifndef WIN32 + /* The mingw32 builder used by travis.ci can't find glob.h + * Yet glob must work on actual win32. + */ +#ifndef __MINGW32__ if (strchr(tmp_dir, '*') || strchr(tmp_dir, '?') || strchr(tmp_dir, '[')) { @@ -420,7 +423,7 @@ static int read_attr(syscheck_config *syscheck, const char *dirs, char **g_attrs dump_syscheck_entry(syscheck, tmp_dir, opts, 0, restrictfile); } #else - dump_syscheck_entry(syscheck, tmp_dir, opts, 0, restrictfile); + dump_syscheck_entry(syscheck, tmp_dir, opts, 0, restrictfile); #endif if (restrictfile) { diff --git a/src/headers/shared.h b/src/headers/shared.h index adb0d77b0..0cd7609a2 100644 --- a/src/headers/shared.h +++ b/src/headers/shared.h @@ -62,7 +62,12 @@ #include #ifndef WIN32 +/* The mingw32 builder used by travis.ci can't find glob.h + * Yet glob must work on actual win32. + */ +#ifndef __MINGW32__ #include +#endif #include #include #include
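Review bot: The guard around the glob expansion in read_attr becomes `#ifndef __MINGW32__`, but the shared.h hunk of this same patch keeps the include that its comment describes as glob.h inside `#ifndef WIN32` as well as `#ifndef __MINGW32__`, so a WIN32 build that is not MinGW would compile the glob branch without that header. The added comment says glob must work on real win32, which the nested guard in shared.h contradicts; both files should test the same condition, for example `#if !defined(WIN32) && !defined(__MINGW32__)` in each place, or one feature macro defined once in shared.h. Separately, in the `#else` branch a directory entry containing `*`, `?` or `[` goes to `dump_syscheck_entry` as a literal path, so on those builds a wildcard entry would presumably match nothing and the intended files go unmonitored without any message; a `merror` line when such characters are seen there would make the gap visible. read_attr starts and ends outside the hunk.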